Subject Re: draft charge, refeds working group on attribute release
From Stefan Winter <stefan.winter@xxxxxxxxxx>
Date Tue, 05 Jul 2011 13:48:47 +0200


> I was thinking about less obvious reasons for #fail such as the
> requirement to limit online dictionary attacks against your users'
> credentials. Not quite so easy once you start to get into the
> details of it.

I also stumbled over one reason for not being LoA1: accounts are to be
attributable to an individual ("... the same claimant is accessing
..."). Some of the smaller schools around here don't bother to do it
"properly", with a role-account "director@..." that gets put through to
the actual individual account - they just make the director@ an actual
account with password and the individual that is currently the director
gets the password. That means the claimant behind an account changes
every once in a while.

Yes, hacky, and #fail if you like - but these things exist.


Stefan Winter

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

Attachment: signature.asc
Description: OpenPGP digital signature